Job Description

Senior Penetration Tester-Manchester Hybrid-£60,000-£75,000 + Benefits Our client, a leading Managed Service Provider (MSP), is seeking a highly skilled and experienced Senior Penetration Tester with a specialism in API testing to join their team. The ideal candidate will be responsible for assessing the security of clients' APIs, identifying vulnerabilities, and using various tools and techniques to conduct thorough and comprehensive penetration testing. This role will involve: Conduct penetration testing on clients' APIs to identify vulnerabilities and weaknesses Develop and implement testing methodologies to ensure comprehensive coverage of API testing Conduct security assessments and provide detailed reports to clients Collaborate with the security team to identify, report, and remediate vulnerabilities Keep up to date with the latest security trends and vulnerabilities in the industry Provide guidance and mentorship to other team members Requirements: A minimum of 3 years of experience in penetration testing Experience with web application security testing, network security testing, and wireless security testing Specialism in API testing, including REST and SOAP APIs Experience with common testing tools, such as Burp Suite, OWASP ZAP, and Nmap An industry standard certification such as OSCP, CRT and/or CRTO Ability to work independently and in a team environment If you meet the requirements and are passionate about security, apply now! Interviews are scheduled to take place this week so if you’re interested in hearing more about this and other roles, then please get in touch ASAP to discuss further on 0203 854 2230 or send your CV to z.audritt@locke-mccloud.com Locke & McCloud is the UK’s leading cyber security & information security staffing company – through having a sole focus on the cyber & information security space we have been able to foster solid relationships with some of the UK’s most exciting cyber security consultancies & end-users. Our focus on the information security space allows us to be able to help you find the most exciting opportunities in the cyber security market. If you are on the lookout for your next cyber security or information security role.

Quick response

Required Knowledge

• K0004   Knowledge of cybersecurity and privacy principles.
• K0005   Knowledge of cyber threats an`d vulnerabilities.
• K0009   Knowledge of application vulnerabilities.
• K0070   Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• K0106   Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
• K0177   Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• K0342   Knowledge of penetration testing principles, tools, and techniques.
• K0624   Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

Required Skills

• S0001   Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
• S0051   Skill in the use of penetration testing tools and techniques.
• S0081   Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
• S0137   Skill in conducting application vulnerability assessments.

Required Abilities

• A0001  Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.